To protect your financial systems, you probably already use network tools to monitor many areas of your network. The reality is that this is not enough.
Today's network systems are growing in size and complexity, and an enterprise financial system runs on all sorts of software.
For this reason, your software needs to be free of defects, contain no hidden loops, not waste computing resources, integrate with the other portions of the enterprise system, and be re-configurable in modules in response to technological change. Software testing is the part of the software development process that verifies the output of development meets its input requirements.
The goal of a security testing policy for software is to find defects in requirements and code quickly, get the software running as an integrated component of the enterprise financial system, and provide guidance for the people testing the software. To achieve this, a financial services firm should take the following steps before the software is released to production:
- Review software life cycle management documents to ensure software risk analysis has been updated, and traceability analysis and software design evaluation have been adequately conducted.
- Review your compliance policies to ensure that the applicable regulations have been met, that the data required for compliance has not been and will not be blocked by software testing, and that this data is retained for the required period. Review your backup policies for both data and the current software, and test restoring from backup media. Run backup tapes at off-production times to confirm they are still in good condition.
- Review your software testing policy and procedures to ensure that firm-developed software is free of defects and consistently performs the tasks for which it was designed, and that software testers are adequately skilled and aware of the compliance policies.
- Conduct a pilot study of the software testing in a sample portion of the enterprise. This helps the software testing managers resolve potential problems before testing on a large scale, and shows what education and training the testers need to deal with unusual anomalies. Without proper training, software testing is difficult to perform and administer.
- As part of the study, perform the following steps. Any step can be repeated to fix a problem it uncovers.
- Functional testing to check the functional requirements of an application.
- Integration testing to determine whether the parts of an application work together correctly.
- System testing to check the overall system requirements.
- End-to-end testing to check, for instance, how the software interacts with a database, other applications and hardware, and how it uses network communications, to ensure high availability.
- Compatibility testing to check how well the software performs on particular hardware, on different operating systems and in different browsers alongside other applications. Different browsers have different inherent weaknesses and strengths.
- Comparison testing to check whether the software under development has more strengths and fewer weaknesses than a competing product.
- Usability testing to check how user-friendly the application is.
- User acceptance testing to check whether the application meets all or most of the end user's specifications and expectations.
- Risk analysis testing to check that vulnerabilities in the application cannot be exploited, and to determine how the remaining risks can be mitigated to acceptable levels.
- Compliance testing to check whether the software can meet compliance deadlines and store the required data.
- Regression testing to test the application again after fixes or modifications are made in any step.
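To make the pilot-study steps concrete, here is an added example (not code from the original article) of how the functional, integration, risk analysis and regression items above translate into an executable test suite for one component. The component is a hypothetical in-memory funds-transfer ledger with a separate audit store; the account names, balances and abuse cases are constructed for the example. Risk analysis testing is written as a set of abuse cases that must be refused, and regression testing both re-runs the other tests and pins an invariant (no call, accepted or refused, creates or destroys money) that a later fix must not break.

```python
# Constructed example: a minimal funds-transfer component plus a test suite organised by the
# article's test types. Not code from the original page; all names are hypothetical.
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List, Tuple

class LedgerError(Exception):
    """Raised for any transfer the ledger refuses to process."""

class AuditLog:
    """Stand-in for the separate audit/compliance store the ledger writes to."""

    def __init__(self) -> None:
        self.entries: List[Tuple[str, str, Decimal]] = []

    def record(self, src: str, dst: str, amount: Decimal) -> None:
        self.entries.append((src, dst, amount))

@dataclass
class Ledger:
    """In-memory stand-in for the account database."""
    balances: Dict[str, Decimal]
    audit: AuditLog = field(default_factory=AuditLog)

    def transfer(self, src: str, dst: str, amount: Decimal) -> None:
        # Checks added after a (hypothetical) risk analysis: an earlier version
        # accepted negative amounts, letting a caller drain the destination account.
        if not isinstance(amount, Decimal):
            raise LedgerError("amount must be a Decimal, not a float")
        if amount <= 0:
            raise LedgerError("amount must be positive")
        if src == dst:
            raise LedgerError("source and destination must differ")
        if src not in self.balances or dst not in self.balances:
            raise LedgerError("unknown account")
        if self.balances[src] < amount:
            raise LedgerError("insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] += amount
        self.audit.record(src, dst, amount)

def fresh_ledger() -> Ledger:
    """Constructed sample accounts for each test."""
    return Ledger({"ACC-1": Decimal("100.00"), "ACC-2": Decimal("50.00")})

def functional_test() -> bool:
    """Functional: a valid transfer moves exactly the requested amount."""
    ledger = fresh_ledger()
    ledger.transfer("ACC-1", "ACC-2", Decimal("25.50"))
    return ledger.balances == {"ACC-1": Decimal("74.50"), "ACC-2": Decimal("75.50")}

def integration_test() -> bool:
    """Integration: ledger and audit store agree, and a refused transfer leaves no entry."""
    ledger = fresh_ledger()
    ledger.transfer("ACC-1", "ACC-2", Decimal("10"))
    try:
        ledger.transfer("ACC-1", "ACC-2", Decimal("500"))  # overdraw, must be refused
    except LedgerError:
        pass
    return ledger.audit.entries == [("ACC-1", "ACC-2", Decimal("10"))]

def risk_analysis_test() -> bool:
    """Risk analysis: abuse cases must be refused with balances and audit log untouched."""
    ledger = fresh_ledger()
    before = dict(ledger.balances)
    abuse_cases = [
        ("ACC-1", "ACC-2", Decimal("-5")),      # pull money out of the destination
        ("ACC-1", "ACC-1", Decimal("1")),       # self-transfer
        ("ACC-1", "ACC-2", Decimal("100.01")),  # overdraw by one cent
        ("ACC-1", "ACC-9", Decimal("1")),       # unknown destination
        ("ACC-1", "ACC-2", 5.0),                # float instead of Decimal
    ]
    for src, dst, amount in abuse_cases:
        try:
            ledger.transfer(src, dst, amount)
            return False  # an abuse case was accepted
        except LedgerError:
            pass
    return ledger.balances == before and ledger.audit.entries == []

def regression_test() -> bool:
    """Regression: after any fix, re-run every test and pin the invariant that no
    sequence of calls, accepted or refused, creates or destroys money."""
    ledger = fresh_ledger()
    start = sum(ledger.balances.values(), Decimal(0))
    for src, dst, amount in [("ACC-1", "ACC-2", Decimal("30")),
                             ("ACC-2", "ACC-1", Decimal("-30")),
                             ("ACC-2", "ACC-1", Decimal("80"))]:
        try:
            ledger.transfer(src, dst, amount)
        except LedgerError:
            pass
    unchanged_total = sum(ledger.balances.values(), Decimal(0)) == start
    return unchanged_total and all(t() for t in (functional_test, integration_test, risk_analysis_test))

def run_suite() -> Dict[str, bool]:
    """What a pilot study would report for this component."""
    return {"functional": functional_test(), "integration": integration_test(),
            "risk_analysis": risk_analysis_test(), "regression": regression_test()}
```

Each test starts from its own fresh ledger so that the order of execution cannot mask a defect, and the risk analysis test checks not only that each abuse case raises but that nothing was written to either store, which is the condition a compliance reviewer actually cares about.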
Implementing the software testing policy can be a challenge for a financial services firm. Proper implementation techniques can make the job easier.
About the author:
Judith M. Myerson is a systems architect and engineer. Her areas of interest include middleware technologies, enterprise-wide systems, database technologies, application development, network management, computer security, information assurance, financial systems, RFID technologies and project management.